I'm trying to verify a digital signature in Adobe. The CRL of the certificate is pointed to by an LDAP URL (ldap:///CN=ROOT,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=TEST,DC=LOCAL?certificateRevocationList?base?objectclass=cRLDistributionPoint).
The error as it appears in Adobe:
CRL download error
Location: ldap:///CN=ROOT,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=TEST,DC=LOCAL?certificateRevocationList?base?objectclass=cRLDistributionPoint
Cannot connect to server.
____________________________________________________________
CRL download error
Location: ldap:///CN=ROOT,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=TEST,DC=LOCAL?certificateRevocationList?base?objectclass=cRLDistributionPoint
Cannot connect to server.
____________________________________________________________
CRL download error
Location: ldap:///CN=ROOT,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=TEST,DC=LOCAL?certificateRevocationList?base?objectclass=cRLDistributionPoint
Cannot connect to server.
I should mention that when I use a certificate with a CDP entry that points to an HTTP URL, I don't get such errors. Is it a known bug/limitation? Will it be fixed? Is there a way to allow/force Adobe to read the LDAP URL?
P.S.
I'm aware that un-checking the "Require certificate revocation checking to succeed whenever possible during signature verification" solves the issue (as it simply skips the CRL checking), so I prefer to have the CRL check working.
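
The CDP quoted in the question has an empty host part (`ldap:///`), which under RFC 4516 leaves it to the client to already know which LDAP server to query. The following is an added example, not part of the original post and not Adobe's code, that parses such a URL and flags the missing host; the function names are hypothetical, and the URL is the one from the post with the stray space in "objectclass" removed.

```python
from urllib.parse import unquote

# CDP value from the post (the stray space inside "objectclass" removed).
CDP_URL = ("ldap:///CN=ROOT,CN=CDP,CN=Public Key Services,CN=Services,"
           "CN=Configuration,DC=TEST,DC=LOCAL"
           "?certificateRevocationList?base?objectclass=cRLDistributionPoint")

def parse_ldap_url(url):
    """Split an LDAP URL into RFC 4516 parts: host, port, DN, attributes, scope, filter."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    dn, *query = tail.split("?")
    attrs, scope, flt = (query + ["", "", ""])[:3]
    host, port = hostport, None
    if ":" in hostport and not hostport.endswith("]"):  # host:port, also [v6]:port
        host, _, p = hostport.rpartition(":")
        port = int(p) if p else None
    return {
        "host": host or None,
        "port": port,
        "dn": unquote(dn),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope or "base",                     # RFC 4516 default
        "filter": unquote(flt) or "(objectClass=*)",  # RFC 4516 default
    }

def dns_domain(dn):
    """DNS domain implied by the DC= components (naive split, no escaped commas)."""
    parts = [rdn.strip() for rdn in dn.split(",")]
    return ".".join(p[3:] for p in parts if p.upper().startswith("DC="))

def cdp_findings(url):
    """Reasons a client that is not configured for this directory may fail to fetch the CRL."""
    u = parse_ldap_url(url)
    findings = []
    if u["host"] is None:
        findings.append("no host in URL: the client must locate an LDAP server for "
                        + (dns_domain(u["dn"]) or "the directory") + " by itself")
    if not any(a.lower().startswith("certificaterevocationlist") for a in u["attributes"]):
        findings.append("URL does not request the certificateRevocationList attribute")
    return findings

if __name__ == "__main__":
    print(parse_ldap_url(CDP_URL))
    print(cdp_findings(CDP_URL))
```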